Cyberattacks on Central Kansas Orthopedic Group and the Pediatric Physicians’ Organization at Boston Children’s Hospital

Ransomware Attack on Central Kansas Orthopedic Group

A ransomware attack on Central Kansas Orthopedic Group (CKOG) based in Great Bend, KS in November 2019 resulted in patient file encryption.

CKOG discovered the attack on November 11, 2019 and received a ransom demand. CKOG declined to pay the ransom but was able to successfully restore all encrypted files, which include patient medical records, from backups.

A third-party forensic team investigated the attack to find out if the attackers accessed or copied patient data before the ransomware deployment. The investigation revealed no evidence that the attackers viewed or stole patient information. There is also no report of data misuse received.

The attackers may have accessed the following types of data: names, email addresses, addresses, birth dates, driver’s license numbers, state-issued ID numbers, health data associated to the treatment given by CKOG, Social Security numbers, and medical insurance data. CKOG notified all affected patients by mail and provided them with identity theft protection services via ID Experts.

CKOG is currently looking at its security platform and has begun using extra security protocols to strengthen its security posture.

A malware attack on Pediatric Physicians’ Organization at Children (PPOC) occurred on February 10, 2020 resulting in a system outage so that 500+ pediatricians, physician assistants and nurse practitioners could not access patient information and appointment calendars. PPOC is a physician group associated with Boston Children’s Hospital.

PPOC has around 200 servers. The attack did not impact eleven of PPOC’s servers. IT staff at PPOC and Boston Children’s Hospital immediately took action to control the malware and quarantined the affected servers. Unaffected servers were deactivated as a safety measure. Boston Children’s Hospital passed an announcement stating that the attack did not impact its systems.

Since it was impossible to access patient health records, PPOC advised the patients to reschedule their non-urgent visits until the malware is taken out and the servers are reactivated. Children’s Hospital released an announcement on February 12, 2020 stating the progress in restoring the servers. However, it was still uncertain when the recovery will be complete.

PPOC has more than 100 practices throughout Massachusetts and has over 350,000 patients. The type of malware used in the attack is still unknown. It is also unknown if the hackers accessed patient data.